Richie/dotfiles
1
0
Fork 0
mirror of https://github.com/RichieCahill/dotfiles.git synced 2026-04-17 13:08:19 -04:00
Code Issues Packages Projects Releases Wiki Activity

moved secrets.yaml

Browse Source
This commit is contained in:
Richie Cahill
2025-01-07 00:32:42 -05:00
parent 15234fa2bb
commit 71e6fa377c
4 changed files with 68 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.sops.yaml
View File

@@ -3,17 +3,15 @@ keys:
- &system_bob age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y - &system_bob age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
- &system_jeeves age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv - &system_jeeves age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
- &system_muninn age1yxx8uwxkugvncseatftkxttnmy8888wxemtygdkzhfzj5fzzfvgsuj3hn2
- &system_router age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv - &system_router age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
- &system_rhapsody age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4 - &system_rhapsody age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4
creation_rules: creation_rules:
- path_regex: users/richie/secrets\.yaml$ - path_regex: users/secrets\.yaml$
key_groups: key_groups:
- age: - age:
- *admin_richie - *admin_richie
- *system_bob - *system_bob
- *system_jeeves - *system_jeeves
- *system_muninn
- *system_router - *system_router
- *system_rhapsody - *system_rhapsody

9
users/richie/default.nix
View File

@@ -5,8 +5,17 @@
}: let }: let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in { in {
sops.secrets.richie_password = {
sopsFile = ../secrets.yaml;
neededForUsers = true;
};
users.users.richie = { users.users.richie = {
isNormalUser = true; isNormalUser = true;
hashedPasswordFile = "${config.sops.secrets.richie_password.path}";
shell = pkgs.zsh; shell = pkgs.zsh;
group = "richie"; group = "richie";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [

57
users/richie/secrets.yaml
View File

@@ -1,57 +0,0 @@
my_secret: ENC[AES256_GCM,data:90kRHkDdhuBhskNGeA==,iv:2LTCXQyPJoddxbgCDX+sA8YPEZjS+2V9ZVKYu0dD1WE=,tag:d7wDFBnBwcCuhX+w8gOvaA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTE5lQ001N3dBTTluU3Bq
TWNwWG5SVURnMFJ3Z21UemlNVHI0dDVMVTB3CjVtK1VBZXFQQlZUckRGM3QyQnhs
eVdhc2c2dHQ1MXFWMmlpS2JpZTBGZWcKLS0tIEluL0ZKZWJXVGtlbUJCcEFTYWtB
ZU5rSHUyR0doWUQyMjJWaUZ0NzNPYncKXnx2/Kg+NGO1ApyVjd2CeWXphgg4zZSL
D79j5NhPrk6Bhr3IcwD6hc0OPZ74pw6mg14yzBFglrw82WZdDnAHxw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WFhiMURJSkdOUVhoNGxo
R3NWdVJvSUZKMFduM29wTkJDNGszOHdRRTBvCmUxQkhrV1dyV2tJMmcwZHNjOXcv
NUdIeDl3R0o2d2M1R3AzV3k1SkZhc00KLS0tIGhEVEtvVGtBdEcrK3ZMVUhuYklv
WXMyUkZZVmRERENOSldCcDB4OHQ4NVEK81zddZggn7+TzANzjMkjbpnCOHtX4TcA
2F/Uin4RVD8ECdcoLLeTddo8ILIC4dQ9bD1TA3Wu23v0qsP6KkhczA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQelZhczRxNHJPdFNPd2R1
VkFTUFJ2N3FLN1VvU1BqN0JqV2VyVVFUUzJnCndQWjYrS2lYbzRROFg3VGtMb3BP
NDlYYkhuRGZCdjVncHlXV3ZHcHZ1U0EKLS0tIEM4MUVkaDU4QlphWm5VM1RjbWR2
R0Y0d3lJNlMvZVEvTnNwbC91YmNoMU0KErYP7q4xGVCyF4GGGEkaydMjFQ8759ER
o9+vtEjJme9AQosa3T4uuATIebxBzqpheRHmvxyNwdt9pZtWvaROng==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yxx8uwxkugvncseatftkxttnmy8888wxemtygdkzhfzj5fzzfvgsuj3hn2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSWFkeHI2UHdZN1RhSlV3
dlNtWGlkWW95WjdhZTl1VzBvT0V4VytNOVN3Cmd6ZTEvNmJEMUt6bVRKM1hlUE1n
ZlA5TVNpWm9PUWpXOG9JMUhtRk5aUnMKLS0tIDJBd1RWQ3RmSzJPNjZ5ZTdMZFlZ
UHhwbURCdHdFOGppZXVJcGFvMWNWTVkK90smB4htJ4aN52zFVpGUYwkledxpGdUr
so6rQ3FfXsE7ik/+f89hPXZJUZLxpO+ENIWitMvH1ZNFmjz3uT+NYA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadlVCTGRWY0trNnViTm1u
NVFBUW1GbVVxOUtpRUt1dElPNFU3clhLUngwCldWa1UzUms0QlJFRngzQitPek9O
c3Z3S2FpRXMrYWU1bFdrUDlzdUwxSW8KLS0tIHg0M1NWWXRTY0swUmw3MXpQQ21o
Q2IyU01yUjVYWFUzVEsyR1dyYlVVTWMK7+3zPVmkQ1lpFmD7f+rpDHVCtmBrZ/sH
5D8FEbUfqu4l7LDCrtJ8LBBSvntwkcVKQlBu3fwBIDqhgOy9fGjZWA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-05T20:53:12Z"
mac: ENC[AES256_GCM,data:FbzvVgRSBBQ39ppKY7CmPghmkwgvSH8tW3aEC2VD90Xb7YypthnCYTos6Igmv/LkF77F4gkpoF3IT2KqkXJbAZ478ZD412sSkKtOl/A3dWtVkdMSgO8Lv/jvyC6/HtF3MEFHtUM8eG+2brQOUIwWg9fcT+4iaxfEBvJV8duW/XE=,iv:WRWaBWRrB8AthHbtHlNVfcrL0N31g3Z5uAYbeEN1jm4=,tag:qQW69HfEKNmPkeZw4nncwg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

58
users/secrets.yaml Normal file
View File

@@ -0,0 +1,58 @@
richie_password: ENC[AES256_GCM,data:XpDkJ/DXQWVuqzbqod9NsQ44WLwu2wMePjtiT8r0tZBeCUGY4g9hXDUUYdt/W5E62HQ7adpnkrQiqaV4X0OHvZH959rLjcYCRA==,iv:3kOljaQbdvqAjb3QlEy38V6AhWp3Gfn8ny9SnPOaw/w=,tag:JZMkf/C04thmljr76UdTxQ==,type:str]
gaming_password: ENC[AES256_GCM,data:mk3AitOvkCaY/xSmvxi5uXYjGWORlqhfLQSeYBXJwAFv804yIyGyCL14ssTKdChVt+A+db8wRAPEZxplPDQPQoe7IBvLrbNwhw==,iv:z3jS/EhouJTtTP53e01DpJAB6o2h+v6PeVlg+I5txP0=,tag:IDByYmYGGvoA+shFFf0g6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqR1lUREVMR3hyTTFNZ3U0
NkFkY202RGtMS0taTjRnOEd4OGlsZ1VORUhFCnIxUlV1eS81N0U1NXpOcWYxSUU0
WER1cFY3a2lWU01tTUQ2Vk5VK2JmSDAKLS0tIHUxL3F5UWZ2aUwxd2JXZG5ybE9w
d29oZ1poZU5ZTlgxMmlsVWpoMUtFYjAKdRoXdqxfxyOL++pP0izdUuZngMcF24ne
OJ6kVJexJF9Hu9InwPeDtRboMhMi01gt6L5a47hOX5FUsi+4HbeVLQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1q47vup0tjhulkg7d6xwmdsgrw64h4ax3la3evzqpxyy4adsmk9fs56qz3y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBWmJZWDZtWFJaTCtmdVNG
QkNiK1hFdWlnVFp0ZG01V1A3cFdtU2xGN1NBCm1oeXlLT3NYMC9lZDlHSnJGQUc1
RnppNjc0QnBqSW5XTWUxZExBMHhORDQKLS0tIHpJNDJBU25COGR2dlg5em5YcGZB
VTBqRjhZWkdmdVdoa0V0VmIzdm5hbTgKEa9hW6jU538meU2Sm//b7OUBqqjAHHL5
rluVCSMcrcoVtui0mB8vMoKeh6/n/qRLe38a/puvAj0q/PolN9ZEhA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13lmqgc3jvkyah5e3vcwmj4s5wsc2akctcga0lpc0x8v8du3fxprqp4ldkv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVlp4clVEb3Y4d0hzSEtW
dUMyb3V1aHlMS0Fvc0lGU3doRjE3SVFrNVdFCkpTQ1k2RTBIb2tzQ3UxajlPSWhY
ZzkwUWlDYWROZXpHMlFVaTM0MFlpMXcKLS0tIFNUN1QyRk41WkhPblZMbVFXNkZi
N1RkUVc0N0hIaUs3RXpXTWpDZTBOUXcKgOW6IV1mh3q8NT2Ky9EKlywWBaaCn5ML
bhfmmvt1Fndh2ys3poxODjNDiow34VxwhS+Ou0HsxsJ7zu7VvmPh0w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xzxryqq63x65yuza9lmmkud7crjjxpnkdew070yhx6xn7xe4tdws5twxsv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnOXR6SWh2SlBWdjZVL3F1
ckd4N3JKNkkzYWtlRWN2QUFob3FJRkxQU1RNClllMDFMRE80ODROZDR3Y2g0Z2xs
aXJORTI1azEzbnhJMkZiNmNKZDBsOVUKLS0tIHZjV3BXaG9WVzNzVDZHYVdmOFdM
S3hZMkgvYkl5Ky9uYmpjVHpFUlMwYTgKIHxHRPMgEAgQNXg5lK2QkdBjMcamlxSp
HEoT/APYI/NN3V2l7mgfiH/fn2FXGdd3Ct5mqwp25GUYIp45zN3pqA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ufnewppysaq2wwcl4ugngjz8pfzc5a35yg7luq0qmuqvctajcycs5lf6k4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXSnNxaDVSbUJ2Y1NSc0hV
TWhzNzNRWTNhV1BBMFhPeVQ5eHkzb3Bkams4Ck1YdDExcU1WdExEQ0M1VXZpUzBV
L0xSTENrOEZlOU1XUHNUbEtHbURSK1UKLS0tIEJkaE9QOUdzN1VDbWFTSWd6RkY4
UzQzWEFtSDJwR201cmZoeXh5T0RmSk0KWLOpw5cWbtnfVP/ISa7n1vZchoD+nxmn
7yr7igpEIro0Sd238KinOQYswVaT0NHB9p1dSW/mN+aGQliSNLzkDQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-07T05:29:07Z"
mac: ENC[AES256_GCM,data:UQdrRT/SHTxHeX2AORJ3N7oc5MDIE6kcWw/KecYGarQ0+ToUST+WOIiiPauM7xUt0nwT2FpU/sArVpjLsldUd4JjeErh6yvfRfYgW+K3w/m7G5LdRlU7wDB1FoNkX/Caue56Vcd9qcF5mBelp6pwaAvjK+EmTHM0TEf/OKN8Aws=,iv:D+70S9dZerl27sTNb+yDfnue7fufWj6fQIbPmP5V348=,tag:Lvjok0HBVtagverUSuxYQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2